Steadefi

DeFiHardhatFoundryOracle

35,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

Debt Repayment Vulnerable to Griefing Attacks

Prosper

Summary

The finding relates to a potential vulnerability in the deposit and withdrawal process GMXVault.sol involving GMX and GMXVault.sol Specifically, when a deposit request is denied on the GMX side, it triggers a callback in the GMXVault.sol contract. Within this callback function, the leverage amount is repaid,

GMXManager.repay(

self,

self.depositCache.borrowParams.borrowTokenAAmt,

self.depositCache.borrowParams.borrowTokenBAmt

);

and the attacker set in the deposit request receives native tokens. However, if the attacker request reverts when receiving these tokens, it causes the entire transaction to revert. Additionally, vulnerabilities can arise if a user is blacklisted by USDC token contracts, an attacker can do this intentionally to drain the lending pool.

Vulnerability Details

Deposit Denial Handling: When a deposit request is denied on the GMX side, the callback function in VodkaV2GMXHandler is invoked. In this function, the leverage amount is repaid, and native tokens are transferred to the user initiating the deposit request.

User Reversion: If the user reverts during the receipt of native tokens, it results in the entire transaction being reverted. This means that the funds intended for repayment are not transferred, potentially causing a loss of assets.

Blacklisting Vulnerability: Users can be blacklisted by USDC token contracts. Blacklisting specific addresses at the contract level can lead to failures in transfers to or from those addresses.

Impact

The potential impacts of these vulnerabilities include:

Loss of assets when deposit requests are canceled on the GMX side and users revert during the receipt of native tokens.
Disruption of token transfers for blacklisted addresses, which can affect the functionality of the system and user experience.

Tools Used

Recommendations

To mitigate these vulnerabilities, the following recommendations are proposed:

In https://github.com/Cyfrin/2023-10-SteadeFi/blob/1841efff70defe305d53a850c49acffda788a401/contracts/strategy/gmx/GMXDeposit.sol#L213 Wrap Token Transfers in Try/Catch Blocks: When transferring tokens to users, wrap the transfer operation in a try/catch block to handle errors gracefully. This prevents transaction reversion due to user reverts.

try IERC20(self.depositCache.depositParams.token).safeTransfer(

self.depositCache.user,

self.depositCache.depositParams.amt

) returns (bool success) {

require(success, "transfer failed");

} catch Error(string memory errorMessage) {

// catch the error

emit RepayDepositFailure() events

}

Check for User Blacklisting: Implement checks to verify if the receiver of USDC tokens is not blacklisted. This check can help ensure that token transfers to and from users' addresses proceed smoothly, reducing potential disruptions.

Updates

Lead Judging Commences

hans Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Other

Prize pool breakdown

Total prize

35,000 USDC

nSLOC

2,289

15 USDC / LOC

High Medium

33,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.